Warning: Fake Instagram app infecting Android phones

Android users, beware: A bogus version of photo app Instagram for Android is currently making its way around the Web, and infecting a slew of handsets in the process.

The fake Instagram app was first uncovered late Wednesday by Graham Cluley of Sophos, a cyber security firm. The folks at Sophos have dubbed the trojan malware being spread in the Instatram impostor as “Andr/Boxer-F.” At the moment, there is little information about what exactly the virus does — though according to Sophos’ tests, it appears to be sending out background SMS messages, which Cluley explains can “earn its creators revenue.”

Fortunately for Google, the fake Instagram is not available through the Google Play marketplace, which is where most people go do download new Android apps. Instead, the phony app is appearing on some Russian websites, which include graphics (above) that mimic the design of the real Instagram.

Over the past year, the Android platform has increasingly become a target for malicious software. And Instagram is a prime target for this kind of scam. The highly popular app, long available only for Apple’s iOS devices, just recently launched on Android, and managed rack up 10 million new users on Android after only a few days. Then, of course, Facebook decided to buy Instagram for $1 billion, and its public profile rose even further.

Obviously, there are a number of ways to avoid being duped into downloading fake apps that contain malware — thought it’s not always as easy or straightforward as some think it should be. The first way is to always download apps from a reputable app store — Google Play should be your first choice. Also, make sure to always check the permissions list before downloading an Android app. And to protect yourself further, you can also download an Android antivirus app, like this one from Lookout Security, though some believe this is still an unnecessary precaution.